A new round of the weekly SecurityAffairs newsletter has arrived! Every week the best security articles from Security Affairs are free in your email box.
Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.
Chinese threat actors use Quad7 botnet in password-spray attacks
FBI arrested former Disney World employee for hacking computer menus and mislabeling allergy info
Sophos details five years of China-linked threat actors’ activity targeting network devices worldwide
PTZOptics cameras zero-days actively exploited in the wild
New LightSpy spyware version targets iPhones with destructive capabilities
LottieFiles confirmed a supply chain attack on Lottie-Player
Threat actor says Interbank refused to pay the ransom after a two-week negotiation
QNAP fixed second zero-day demonstrated at Pwn2Own Ireland 2024
New version of Android malware FakeCall redirects bank calls to scammers
Russia-linked Midnight Blizzard APT targeted 100+ organizations with a spear-phishing campaign using RDP files
Google fixed a critical vulnerability in Chrome browser
QNAP fixed NAS backup zero-day demonstrated at Pwn2Own Ireland 2024
International law enforcement operation dismantled RedLine and Meta infostealers
Fog and Akira ransomware attacks exploit SonicWall VPN flaw CVE-2024-40766
Russia-linked espionage group UNC5812 targets Ukraine’s military with malware
France’s second-largest telecoms provider Free suffered a cyber attack
A crime ring compromised Italian state databases reselling stolen info
Third-Party Identities: The Weakest Link in Your Cybersecurity Supply Chain
Black Basta affiliates used Microsoft Teams in recent attacks
Four REvil Ransomware members sentenced for hacking and money laundering
International Press – Newsletter
Cybercrime
Italy police arrest four over alleged illegal database access, source says
Free, France’s second-largest telecoms company, confirms being hit by cyberattack
The Crime Messenger: How Sky ECC Phones Became a Tool of the Criminal Trade
Attackers Target Crypto Wallets Using Codeless Webflow Phishing Pages
Operation Magnus
Cryptocurrency Enthusiasts Targeted in Multi-Vector Supply Chain Attack
Ex-Disney worker accused of hacking computer menus to add profanities, errors
Malware
EIW — ESET Israel Wiper — used in active attacks targeting Israeli orgs
ESET Online Scanner for Redline and META
Massive PSAUX ransomware attack targets 22,000 CyberPanel instances
LightSpy: Implant for iOS
Pygmy Goat
Hacking
Protect AI’s October 2024 Vulnerability Report
An analysis of the Keycloak authentication system
Anthropic flags AI’s potential to ‘automate sophisticated destructive cyber attacks’
Lottie-Player Supply Chain Attack Targets Cryptocurrency Wallets
Rare Case of Privilege Escalation Patched in LiteSpeed Cache Plugin
GreyNoise Intelligence Discovers Zero-Day Vulnerabilities in Live Streaming Cameras with the Help of AI
Intelligence and Information Warfare
Tenacious Pungsan: A DPRK threat actor linked to Contagious Interview
Hybrid Russian Espionage and Influence Campaign Aims to Compromise Ukrainian Military Recruits and Deliver Anti-Mobilization Narratives
Midnight Blizzard conducts large-scale spear-phishing campaign using RDP files
CloudScout: Evasive Panda scouting cloud services
Hidden Warfare: Iran’s Growing Dependence on Criminal Networks
New Tradecraft of Iranian Cyber Group Aria Sepehr Ayandehsazan aka Emennet Pasargad
Cybersecurity
Unchaining Blockchain Security Part 1: The Emerging Risks of Private Blockchains in Enterprises
OT security becoming a mainstream concern
My Habit Was Collecting
OpenAI’s new ChatGPT Search Chrome extension feels like a search hijacker
Synology hurries out patches for zero-days exploited at Pwn2Own
Pierluigi Paganini
(SecurityAffairs – hacking, newsletter)